This exploit demonstrates a SQL injection vulnerability in Travel Tours Script v2.0 via multiple parameters in the front.php endpoint. The PoC provides a URL with injectable parameters (e.g., 'direction', 'type', 'rating_from') that can be manipulated to execute arbitrary SQL queries.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Travel Tours Script v2.0
No auth needed
Prerequisites:Access to the vulnerable endpoint · No authentication required